Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Poppler
(Freedesktop)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 81 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-07-12 | CVE-2017-2818 | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. | Poppler | 8.8 | ||
| 2019-03-01 | CVE-2019-9543 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. | Poppler | 8.8 | ||
| 2019-03-01 | CVE-2019-9545 | An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. | Poppler | 8.8 | ||
| 2017-09-30 | CVE-2017-14928 | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | Debian_linux, Poppler | 5.5 | ||
| 2017-09-30 | CVE-2017-14926 | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | Debian_linux, Poppler | 5.5 | ||
| 2010-11-05 | CVE-2010-3702 | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | Cups, Ubuntu_linux, Debian_linux, Fedora, Poppler, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_server, Xpdf | N/A | ||
| 2019-09-05 | CVE-2018-21009 | Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. | Poppler | 8.8 | ||
| 2018-12-26 | CVE-2018-20481 | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. | Ubuntu_linux, Debian_linux, Poppler | 6.5 | ||
| 2018-09-06 | CVE-2018-16646 | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. | Ubuntu_linux, Debian_linux, Poppler | 6.5 | ||
| 2018-05-10 | CVE-2017-18267 | The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | Ubuntu_linux, Debian_linux, Poppler, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 5.5 |